
Monday, September 28, 2020

Horizon 8 2006 - The Next Generation of End User Computing from VMware is Ready

 

Horizon 8 2006 Overview

Horizon 8 2006 is now available, and I am using this new release exclusively moving forward for new installations and upgrades. So far I have been pleased with the ease of implementation and configuration, upgrades, and the ability to utilize vSphere 7.

Below are some really good links to review before going down the Horizon 8 path, and some details from https://techzone.vmware.com/blog/whats-new-vmware-horizon-8-2006-cart-app-volumes-and-dynamic-environment-manager

Release Notes

https://docs.vmware.com/en/VMware-Horizon/2006/rn/horizon-2006-release-notes.html

Compatibility Guide

https://www.vmware.com/resources/compatibility/sim/interop_matrix.php

Horizon 8 Upgrade Guide

https://www.vmware.com/products/horizon/upgrade-center.html

Blog Regarding Release

https://blogs.vmware.com/euc/2020/08/vmware-horizon-8.html


Horizon 2006 Platform Updates

Here are some of the most notable new enhancements and updates to the platform:

  • Branding and Versioning. We’ve moved to the YYMM-style format to version the Horizon Server, Horizon Client and Horizon Agent. This new format applies to product installations and Horizon Console as well.
  • Updates to Core Platform. Horizon 2006 now supports parallel upgrades of Connection Servers. Note that this applies to a maximum of 3 pods at a time in parallel. If another host in a local or global pod is in an inconsistent state, the installer is blocked.
    • Up to 32 GB of cache in CBRC 2.0 is now supported, up significantly from 2 GB in CBRC 1.0.
    • False memory alarm for IC Parents on vSphere 7.0 can be removed.
    • Note that now HTML is on by default for desktop pools and RDSH farms.
  • Deployment Options. You can now choose your deployment environment when you set up a new pod, during the connection server installation process. The following deployment environments are supported, and help you determine how the installation will be completed:
    • General (typical vSphere On-Premises)
    • AWS (either VMware Cloud on AWS, or EC2 Native)
    • Dell EMC (the VMware Cloud on Dell EMC solution)
    • Azure (the Azure VMware Solution)
    • Google Cloud (the Google Cloud on VMware Engine)
    • Oracle Cloud (the Oracle Cloud on VMware Engine)
      Note: This option is available only when setting up a new pod. Subsequent pods use the deployment options that were set in the first.
  • Digital Watermark. You now have the option of configuring a digital watermark for ownership protection, authenticity, and verification of intellectual property. This allows you to prove ownership and establish a chain of custody on your property. You can set up variables in the watermark, such as IP address, username, domain name, and so on, as well as customizing the opacity, margin, and layout.
  • REST API. This release offers a plethora of new endpoints, including entitlements and inventory sections that include many new options. This release also includes a Swagger UI that is available locally on the installation. Visit https://<FQDN of your connection server>/rest/swagger-ui.html to see the REST APIs, learn about them, explore their endpoints, and test them out.
    For more information, see Using the VMware Horizon Server REST API. https://techzone.vmware.com/resource/using-vmware-horizon-server-rest-api
  • Smart Provisioning. Horizon automatically chooses the type of desktop to create, based on the density of VMs per host in the selected cluster. Low-density types are created without parent VMs; high-density types are created with parent VMs. In the low-density case, Horizon clones the replica directly, without a parent VM, which would otherwise take a lot of memory and disk space. This lowers the number of parent VMs in lower-density clusters and reduces the footprint. For high density, traditional instant clones are created with parent VMs. To learn how this works, including how to force it instead of relying on the automatic functionality, see VMware Horizon Version 8 (2006) – Feature Overview: Instant Clone Smart Provisioning.
  • Feature mapping. If you compare Horizon 8 (2006) to Horizon 7, you will notice some deprecated features, such as linked clones in the Composer and persistent disks. These features still exist, but are slated to be removed in a future version. Some features have been removed, such as support for older versions of Windows, the JMP Server, persona management, FLEX admin, ThinPrint, and Security Server, all of which have been replaced by newer functionality. Note that instant clones are now available across all license types.
  • Deprecation notifications have been added to the UI to remind you of the features that are now deprecated and slated to be removed in a future release.
  • Linked Clone/Instant Clone Gaps. There are a few feature gaps between linked clones and instant clones, which might be reason to continue using linked clones until the gaps are filled. Gaps include unique BIOS IDs, multi-NIC, Sysprep for Instant Clones, and statically assigned computer names.

Horizon Console

You will find the following new features and enhancements in the VMware Horizon Console:

General Updates

A number of general updates are included in the new Horizon Console, including the ability to set a display name for global entitlements and an improved grid that displays more detailed data in an easy-to-read layout.

Horizon Client Restrictions

This release includes a restriction against connecting with older Horizon Clients:

In Global Settings, you can configure multiple criteria for what to block, and set up a customized warning message to remind users to upgrade. Only the 8.x (2006) client and later versions can support this warning message (it is not supported on thin clients).

More Detail on Network Display

You can now see many more details on ports, which is helpful when selecting a network during the pool creation process. This includes details about the individual network such as binding, network name, total ports, and available ports, as well as incompatible network types.

In-Product Feedback

You can now send direct in-product feedback to the product teams in 11 languages. The static format is always available (see the bubble in the upper right corner of your console). The popup format is also available, based on logins and duration. You also have the ability to opt out.

Client Restrictions for Desktop Pools

You can now set it up so that only privileged workstations can connect to a pool. To do this, create an entitlement that restricts both the user and the desktop, so that the specific user must use a specific desktop.

Linux Desktop

You now have support for Red Hat Enterprise Linux 7.8, as well as multi-session support on Red Hat 7.8, 8.1, and Ubuntu 18.04. You can set it up by installing a Linux agent with --multiple-session, and you can see a demonstration at https://techzone.vmware.com/vmware?share=video2743.

Blast Extreme

This release gives you a number of improvements to full-screen video and memory utilization in Blast Codec, which is now enabled by default. You can also enjoy support for the HEVC 4:4:4 codec with 10th-generation Intel (Ice Lake) CPUs. This applies to Windows VMs only, with the 2006 client, and it is on by default if the hardware exists. In addition, there is support for up to two 8K monitors, and an improvement to how the client topology is sent.

Horizon Agent

This release includes new optimizations in real-time audio and video, including H.265 encode and decode. These optimizations improve the user experience for webcam usage and video conferencing. Support includes Zoom, Microsoft Teams, and Skype for Business, as well as Windows Tablet.

Location-Based Printing UI – VMware Integrated Printing

With a new UI, you can set up location-based printing in VMware Integrated Printing. You configure this in the GPO Bundle and set location-based printing parameters, which flow to the endpoint.

Horizon Clients

Each type of Horizon client has new enhancements and updates, including the new Client Restriction Messages mentioned earlier. You will see this option in the UI of all Horizon Clients.

Video and Desktop Sharing Optimization – Microsoft Teams

This popular feature is optimized for video and desktop sharing with Microsoft Teams on Horizon 2006. A specific set of configurations is supported, including Horizon 2006 Server, Horizon 2006 Windows Client, and Teams for VDI installed with the per-machine option enabled. Note that this is not supported on RDS desktop pools or application pools.

Windows Client

In addition to the new Client Restriction Message mentioned earlier, the Horizon Windows Client also includes Windows 10 2004 support, Microsoft Edge Chromium support for URL redirection, and the option to skip certificate revocation list checking.

Linux Client

In addition to the Client Restriction Message, the Horizon Linux Client also now supports Ubuntu 20.04 LTS, full IPv6, custom display resolutions, and an updated SDK that allows you to customize the Linux client and get more brokering and remote sessions data.

Mac Client

In addition to the Client Restriction Message, the Horizon Mac Client now has USB auto-connect for RDSH apps.

iOS Client

In addition to the Client Restriction Message, the Horizon iOS Client now supports VMware Integrated Printing, including location-based printing options.

Android Client

In addition to the Client Restriction Message, the Horizon Android Client also supports VMware Integrated Printing, as well as the ability to pass the Android device ID to OPSWAT.

Chrome Client

In addition to the Client Restriction Message, Horizon Chrome Client also now supports ChromeOS 81 and ChromeOS 82. 

HTML5 Client

In addition to the Client Restriction Message, the Horizon HTML5 Client now supports Edge Chromium, as well as the option to save the monitor layout on Windows, MacOS, and ChromeOS desktop endpoints.

VMware App Volumes

The new release of VMware App Volumes includes a variety of new enhancements and updates, including the new naming convention.

Improvements in this release include performance improvements to speed up user logins, diverse application support, and more. Here’s a summary of some of the most notable improvements:

Microsoft LDAP Channel Binding

App Volumes Manager can now communicate with domain controllers configured for LDAP channel binding, in keeping with the March 2020 ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing. App Volumes Manager and App Volumes Agent 2006 4.1 are required, and channel binding support is enabled by default. Note that the LDAP AVM setting works only if the AD LDAPServerIntegrity value is set to 0.

Assignment Filters – Limit Attachment of Assignments to Specific Computers

You can now limit the delivery of application packages to specific computers by appending the computer’s name to set application assignments. This prevents packages from attaching when users log in to an unsupported desktop pool. Note that this is not available when assigning directly to a computer object.

Support was added for:

  • Microsoft Office 2019
  • Microsoft SQL Server 2019
  • Microsoft Windows 10, version 2004

Rolling Upgrades

Rolling upgrades are now supported, meaning you can upgrade from one version of App Volumes to the next with no downtime. You can also update one server at a time while others continue running. For more information, see the App Volumes Installation Guide.

Tech Preview - MSIX App Attach Integration

This release gives you an early-access tech preview of new packaging options and wider format support. App Volumes Manager enables packagers to use the same lifecycle and assignment marker features with different package formats, side-by-side. The App Volumes agent can leverage Microsoft’s native app attach functions alongside its own App Volumes virtualization format. See the App Volumes Packaging Utility fling, which helps package applications and supplements the VHD with the required metadata before importing.

For more information, see VMware App Volumes 4, version 2006 Release Notes.

VMware Dynamic Environment Manager

A number of new features and enhancements come with the latest release of VMware Dynamic Environment Manager.

Editions

New editions are now available: Standard and Enterprise. The Standard edition is available to you if you have new or existing Horizon Standard and Advanced deployments. If you have a Horizon 7.x deployment with current SNS, you will receive DEM Standard with Horizon 8. To learn how to migrate from legacy solutions to modern solutions in detail, see Modernizing VDI for a New Horizon (https://techzone.vmware.com/resource/modernizing-vdi-new-horizon), including scripts to help you automate the process of migration.

Standard Feature List

The standard feature list includes complete personalization, complete condition sets, application profiler, and helpdesk support tool, as well as limited user environment, such as:

  • Drive Mappings
  • Folder Redirection
  • Logon Tasks
  • Logoff Tasks
  • Printer Mappings

Privilege Elevation Enhancement

The privilege elevation feature of Dynamic Environment Manager has been enhanced to run elevated tasks. You have had privilege elevation for executables and application installers in past releases. This release brings a new privilege elevation type, called elevated task. You can use elevated tasks to elevate privileges during login, logoff, session reconnect, and so on.

Manage ADMX Settings

You can use Dynamic Environment Manager to manage user and computer-based ADMX policies without the need for group policy options. You have been able to manage user-based templates in the past, but now computer-based templates are available as well. This streamlines your job by reducing the number of consoles to manage. You have granular control of policy application.

For more information, see Dynamic Environment Manager – Manage Com

VMware Unified Access Gateway 3.10 - Great Reference

Overview


Info Provided by: https://www.carlstalhood.com/vmware-unified-access-gateway/

Unified Access Gateway provides remote connectivity to internal Horizon Agent machines. For an explanation of how this works (i.e. traffic flow), see Understanding Horizon Connections at VMware Tech Zone.

Unified Access Gateway (formerly known as Access Point) is a replacement for Horizon Security Servers. Advantages include:

  • You don’t need to build extra Connection Servers just for pairing. However, you might want extra Horizon Connection Servers so you can filter pools based on tags.
  • Between Unified Access Gateway and Horizon Connection Servers you only need TCP 443. No need for IPSec or 4001 or the other ports. You still need 4172, 22443, etc. to the View Agents.
  • No need to enable Gateway/Tunnel on the internal Horizon Connection Servers.
  • Additional security with DMZ authentication. Some of the Authentication methods supported on Unified Access Gateway are RSA SecurID, RADIUS, CAC/certificates, etc.

However:

  • It’s Linux. You can deploy and configure the appliance without any Linux skills. But you might need some Linux skills during troubleshooting.

Horizon View Security Server is still developed and supported so you’re welcome to use that instead of Unified Access Gateway. But some of the newer Blast Extreme functionality only works in Unified Access Gateway (Access Point) 2.9 and newer. See Configure the Blast Secure Gateway at VMware Docs.

More information at VMware Blog Post Technical Introduction to VMware Unified Access Gateway for Horizon Secure Remote Access.

Horizon Compatibility – Refer to the interoperability matrix to determine which version of Unified Access Gateway is compatible with your version of Horizon.

UAG version 3.7 is UAG ESB for Horizon 7.10 ESB.

UAG version 3.3.1.0 is UAG ESB for Horizon 7.5.2 ESB.

Download one of the following versions of UAG:

Then download the PowerShell deployment scripts on the same UAG download page.

Firewall

See the VMware Technical White Paper Blast Extreme Display Protocol in Horizon 7, and Firewall Rules for DMZ-Based Unified Access Gateway Appliances at VMware Docs.

Open these ports from any device on the Internet to the Unified Access Gateway Load Balancer VIP:

  • TCP and UDP 443
  • TCP and UDP 4172. UDP 4172 must be opened in both directions. (PCoIP)
  • TCP and UDP 8443 (for HTML Blast)

Open these ports from the Unified Access Gateways to internal:

  • TCP 443 to internal Connection Servers (through a load balancer)
  • TCP and UDP 4172 (PCoIP) to all internal Horizon View Agents. UDP 4172 must be opened in both directions.
  • TCP 32111 (USB Redirection) to all internal Horizon View Agents.
  • TCP and UDP 22443 (Blast Extreme) to all internal Horizon View Agents.
  • TCP 9427 (MMR and CDR) to all internal Horizon View Agents.

Open these ports from any internal administrator workstations to the Unified Access Gateway appliance IPs:

  • TCP 9443 (REST API)
  • TCP 80/443 (Edge Gateway)
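
The port lists above can be checked against an exported firewall rule set. The following is an added example, not part of the original post or of VMware's tooling; the zone names and the sample rules are constructed for illustration. It reports required flows that are missing and allowed flows that the lists do not call for, such as a leftover TCP 4001 rule from a Security Server deployment.

```powershell
# Required flows, transcribed from the port lists above.
# Zone names (Internet, UAG-VIP, UAG, ...) are labels chosen for this example.
# The two return rows cover "UDP 4172 must be opened in both directions".
$required = @'
From,To,Proto,Ports
Internet,UAG-VIP,TCP,443;4172;8443
Internet,UAG-VIP,UDP,443;4172;8443
UAG-VIP,Internet,UDP,4172
UAG,ConnectionServers,TCP,443
UAG,Agents,TCP,4172;32111;22443;9427
UAG,Agents,UDP,4172;22443
Agents,UAG,UDP,4172
Admin,UAG,TCP,9443;80;443
'@ | ConvertFrom-Csv

# Constructed sample of an exported rule set (not taken from a real firewall).
$rules = @'
From,To,Proto,Ports
Internet,UAG-VIP,TCP,443;4172;8443
Internet,UAG-VIP,UDP,443;4172
Internet,UAG,TCP,9443
UAG-VIP,Internet,UDP,4172
UAG,ConnectionServers,TCP,443;4001
UAG,Agents,TCP,4172;32111;22443
UAG,Agents,UDP,4172;22443
Admin,UAG,TCP,9443;443
'@ | ConvertFrom-Csv

function Expand-Flow {
    # Turn "From,To,Proto,443;4172" rows into one string per port: From>To/PROTO/port
    param([object[]] $Rows)
    foreach ($r in $Rows) {
        foreach ($p in ($r.Ports -split ';')) {
            '{0}>{1}/{2}/{3}' -f $r.From, $r.To, $r.Proto.ToUpper(), [int]$p
        }
    }
}

function Compare-FlowMatrix {
    param([object[]] $Required, [object[]] $Allowed)
    $need = @(Expand-Flow $Required)
    $have = @(Expand-Flow $Allowed)
    [pscustomobject]@{
        # Required by the matrix but not permitted: sessions or features will fail.
        Missing    = @($need | Where-Object { $_ -notin $have })
        # Permitted but not in the matrix: candidates for removal.
        Unexpected = @($have | Where-Object { $_ -notin $need })
    }
}

$result = Compare-FlowMatrix -Required $required -Allowed $rules
'Missing:';    $result.Missing    | ForEach-Object { "  $_" }
'Unexpected:'; $result.Unexpected | ForEach-Object { "  $_" }
```

With the sample rules, the unexpected entries are the admin REST port 9443 reachable from the Internet and TCP 4001 toward the Connection Servers.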

Network Profile

Note: in Unified Access Gateway 3.3 and later, Network Protocol Profile is no longer necessary and you can skip this section.

  1. Before importing the Unified Access Gateway OVF, you will need to configure a Network Profile. In vSphere Web Client, go to the Datacenter object. On the right, switch to the Manage (or Configure) tab > Network Protocol Profiles.
  2. Click the plus icon.

  3. In the Select name and network page, enter a name, select the DMZ VM Network for your Unified Access Gateway appliance, and click Next.

  4. In the Configure IPv4 page, enter the subnet information, and Gateway.
  5. Don’t configure an IP pool. Click Next.
  6. In the Ready to complete page, click Finish.
  7. If you are configuring multiple NICs on your Unified Access Gateway, create a Network Protocol Profile for each of the remaining subnets.

Install an SSL Certificate on VMware Horizon View

After the CA signs your SSL Certificate, it will send all the necessary installation files to your email inbox. You need to download the ZIP folder and extract the SSL files.

To import your certificates into the Windows Certificate store, please follow the instructions below:

  1. Log into your Connection/Security server and launch mmc.exe
  2. Navigate to File > Add/Remove Snap-in and select Certificates then hit Add
  3. In the Certificates snap-in window select Computer Account, then Next
  4. Scroll down to Certificates/Personal/Certificates and under Friendly Name column, look for vdm
  5. Right-click the vdm certificate and go to Properties
  6. In the General tab, change the Friendly Name from vdm to vdm-original, then click Apply and OK
  7. After you’ve changed the Friendly Name, right-click anywhere in the Console1 main section and select All Tasks > Import…
  8. In the Certificate Import Wizard browse the certificate file you want to import and hit Next
  9. In the next window, enter the password for your Private Key, and check Mark this key as exportable and Include all extended properties boxes. Click Next
  10. In the next Window, click Next, then Finish
  11. Locate the newly imported certificate and right-click it. Select Properties, change the Friendly Name to vdm, then hit Apply > OK
  12. Restart your server to complete the SSL installation.
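
The same steps can be scripted from an elevated PowerShell session on the Connection Server. This is an added example, not part of the original instructions; the `$PfxPath` parameter is an assumption standing for the PFX/P12 file that holds your signed certificate and private key. Before the restart it also checks that exactly one certificate carries the vdm friendly name, that it has a private key, and that it is currently valid for server authentication.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumed input: PFX/P12 file containing the CA-signed certificate and its key.
    [Parameter(Mandatory)] [string] $PfxPath
)
$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\My'    # Certificates (Local Computer) > Personal
$pfxPassword = Read-Host -Prompt 'Private key password' -AsSecureString

# Steps 4-6: rename the certificate that currently has the friendly name "vdm".
Get-ChildItem $store | Where-Object { $_.FriendlyName -eq 'vdm' } | ForEach-Object {
    $_.FriendlyName = 'vdm-original'
    Write-Host "Renamed $($_.Thumbprint) to vdm-original"
}

# Steps 7-10: import with the private key marked exportable, as in the wizard.
$imported = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $store `
    -Password $pfxPassword -Exportable
$leaf = @($imported | Where-Object { $_.HasPrivateKey })
if ($leaf.Count -ne 1) {
    throw "Expected exactly one imported certificate with a private key, found $($leaf.Count)."
}

# Step 11: re-read the certificate from the store so the rename is saved there.
$cert = Get-Item "$store\$($leaf[0].Thumbprint)"
$cert.FriendlyName = 'vdm'

# Checks before the restart in step 12.
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}
# An empty EKU list means no usage restriction; a non-empty one must include
# Server Authentication (OID 1.3.6.1.5.5.7.3.1).
$eku = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
if ($eku.Count -gt 0 -and $eku -notcontains '1.3.6.1.5.5.7.3.1') {
    throw 'Certificate has an Enhanced Key Usage list without Server Authentication.'
}
$named = @(Get-ChildItem $store | Where-Object { $_.FriendlyName -eq 'vdm' })
if ($named.Count -ne 1) {
    throw "Expected exactly one certificate named vdm, found $($named.Count)."
}

[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    NextStep   = 'Restart the server (step 12) to put the certificate into use.'
}
```

If a check fails after the rename, the previous certificate is still in the store under vdm-original and can be renamed back to vdm.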

Congratulations, you’ve successfully added a new SSL Certificate to VMware Horizon View.

Test your SSL Installation

After you install an SSL Certificate on VMware Horizon View, run a diagnostic scan on your SSL configuration with an SSL testing tool. In just a few seconds, the tool will flag vulnerabilities and potential errors in the configuration.

VMware Horizon View history and versions

VMware Horizon View is a commercial desktop virtualization product developed by VMware, Inc. Initially, it was sold under the name VMware VDM, then changed to VMware View, and finally to Horizon View with the release of version 6 in April 2014.

Listed below are the latest VMware Horizon releases:

  • VMware Horizon 7.6 (Sep 6, 2018)
  • VMware Horizon 7.5.1 (July 19, 2018)
  • VMware Horizon 7.5 (May 29, 2018)
  • VMware Horizon 7.4 (Jan 04, 2018)
  • VMware Horizon 7.3.2 (November 20, 2017)
  • VMware Horizon 7.2 (Jun 20, 2017)
  • VMware Horizon 7.1 (March 16, 2017)
  • VMware Horizon 7.0.3 (December 8, 2016)
  • VMware Horizon 7.0.2 (September 15, 2016)
  • VMware Horizon 7.0.1 (June 16, 2016)